WordPress Plugin Vulnerabilities
Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Proof of Concept
* Open the plugin's add new banner page (B.com Banner -> Add New Banner) * The form field named "Banner Copy" is vulnerable to XSS payloads like: <--`<img/src=` onerror=alert(document.cookie)``> --!> * Update or Publish the page, and you will be provided a shortcode similar to [bdotcom_bm bannerid="123"] * You will then need to create a page that includes the Banner's shortcode above. * Visiting the page with the banner's shortcode will trigger the XSS payload to execute,
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-05 (about 2 years ago)
Added
2021-10-05 (about 2 years ago)
Last Updated
2023-04-12 (about 1 years ago)